Subject: Re: How kauth can make meaningful decisions about passthru ioctls
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 11/30/2006 15:53:31

Steven M. Bellovin wrote:
> On Thu, 30 Nov 2006 15:10:25 +0200
> Elad Efrat <elad@NetBSD.org> wrote:
>
>> Thor Lancelot Simon wrote:
>>
>>> Sure. We're concerned about what the ioctl being passed-through
>>> could cause the device to do. Think about what amr(4) would have
>>> to do if it didn't know how to parse the sub-commands: it'd have to
>>> tell the listener "it could be any of these: ...".
>>>
>>> We could, I suppose, order the commands from "safest" to "most
>>> dangerous" and require that the question indicate the "most
>>> dangerous". But what's "more dangerous", writing the device data
>>> or writing the device configuration? I think a similar issue
>>> exists even for read.
>> sounds logical. unless someone objects, I'll come up with a diff.
>>
> What sounds logical? An ordering? I don't think it makes much sense
> at all. What's wrong with a bitmask?

sorry if I wasn't clear: thor's explanation as to why we should use
a bit-field sounds logical, and I agree that it's what we should do.

-e.
--
Elad Efrat
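
The bitmask approach discussed in this thread, as an added example that is not part of the original message and is not NetBSD's kauth code: the driver reports the set of effects a passthrough command could have, and the listener allows it only if every one of them is permitted. All names, opcodes and the sub-command table are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical effect bits; these are not kauth identifiers. */
#define PT_READ_DATA  0x1u
#define PT_WRITE_DATA 0x2u
#define PT_READ_CONF  0x4u
#define PT_WRITE_CONF 0x8u
#define PT_ALL (PT_READ_DATA | PT_WRITE_DATA | PT_READ_CONF | PT_WRITE_CONF)

/* Constructed sub-command table for an imaginary controller. */
struct subcmd { uint8_t opcode; uint32_t effects; };
static const struct subcmd known[] = {
    { 0x01, PT_READ_DATA },
    { 0x02, PT_WRITE_DATA },
    { 0x10, PT_READ_CONF },
    { 0x11, PT_WRITE_CONF },
    { 0x20, PT_READ_CONF | PT_WRITE_DATA }, /* one command, two effects */
};

/* Driver side: what could this passthrough command cause the device to do? */
uint32_t passthru_effects(uint8_t opcode)
{
    for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
        if (known[i].opcode == opcode)
            return known[i].effects;
    return PT_ALL; /* cannot parse it: "it could be any of these" */
}

/* Listener side: allow only if no possible effect falls outside the policy. */
int listener_allows(uint32_t permitted, uint8_t opcode)
{
    return (passthru_effects(opcode) & ~permitted) == 0;
}

int main(void)
{
    uint32_t data_op = PT_READ_DATA | PT_WRITE_DATA; /* may touch data only */
    uint32_t conf_op = PT_READ_CONF | PT_WRITE_CONF; /* may touch config only */

    /* Each policy allows what the other denies, so no single
     * "safest to most dangerous" ranking can express both. */
    printf("data_op: write-data=%d write-conf=%d\n",
        listener_allows(data_op, 0x02), listener_allows(data_op, 0x11));
    printf("conf_op: write-data=%d write-conf=%d\n",
        listener_allows(conf_op, 0x02), listener_allows(conf_op, 0x11));
    printf("unknown opcode under data_op: %d\n", listener_allows(data_op, 0x7f));
    return 0;
}
```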